From 22e2f74de90c845e42486be00f441c229cf874d3 Mon Sep 17 00:00:00 2001
From: "Rob Swindell (on Windows 11)" <rob@synchro.net>
Date: Fri, 11 Apr 2025 18:08:03 -0700
Subject: [PATCH] system.check_password() does *not* check password.can file
 now

We already other means to do that, allowing more visibility to caller *why*
a password may be rejected.
---
 src/sbbs3/js_system.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/sbbs3/js_system.c b/src/sbbs3/js_system.c
index fe72db1320..24defb3645 100644
--- a/src/sbbs3/js_system.c
+++ b/src/sbbs3/js_system.c
@@ -2086,8 +2086,7 @@ js_chkpassword(JSContext *cx, uintN argc, jsval *arglist)
 		return JS_FALSE;
 
 	rc = JS_SUSPENDREQUEST(cx);
-	bool result = check_pass(sys->cfg, str, /* user: */NULL, /* unique: */false, /* reason: */NULL)
-		              && !trashcan(sys->cfg, str, "password");
+	bool result = check_pass(sys->cfg, str, /* user: */NULL, /* unique: */false, /* reason: */NULL);
 	JS_SET_RVAL(cx, arglist, BOOLEAN_TO_JSVAL(result));
 	JS_RESUMEREQUEST(cx, rc);
 
@@ -2401,7 +2400,8 @@ static jsSyncMethodSpec js_system_functions[] = {
 	 , 321},
 	{"check_password",  js_chkpassword,     1,  JSTYPE_BOOLEAN, JSDOCSTR("password")
 	 , JSDOCSTR("Check that the provided string is suitable for a new user password, "
-		        "returns <tt>true</tt> if it meets the system criteria for a user password")
+		        "returns <tt>true</tt> if it meets the system criteria for a user password.<br>"
+				"Does <b>not</b> check the <tt>password.can</tt> file.")
 	 , 321},
 	{"check_filename",  js_chkfname,        1,  JSTYPE_BOOLEAN, JSDOCSTR("filename")
 	 , JSDOCSTR("Verify that the specified <i>filename</i> string is legal and allowed for upload by users "
-- 
GitLab